Passwd

From Attie's Wiki
(Difference between revisions)
 
Line 13: Line 13:
 
| username || upto 8 characters. a direct match to a line in <code>/etc/passwd</code>
 
| username || upto 8 characters. a direct match to a line in <code>/etc/passwd</code>
 
|-
 
|-
| password || blank indicates no password required. '<code>*</code>' (or '<code>!</code>') indicates that the user has been disabled (may still <code>su</code> to that user though)
+
| password || blank indicates no password required.<br>
 +
'<code>*</code>' indicates that password authentication for the user is disabled (e.g: use pubkey)<br>
 +
'<code>!</code>' indicates that the user has been disabled (may still <code>su</code> to that user though)<br>
 
Optionally it can start with a "$" character. This means the encrypted password was generated using another (not DES) algorithm. For example if it starts with "$1$" it means the MD5-based algorithm was used.<br>
 
Optionally it can start with a "$" character. This means the encrypted password was generated using another (not DES) algorithm. For example if it starts with "$1$" it means the MD5-based algorithm was used.<br>
 
The field is then delimited by "$". The first field is the algorithm (1=MD5), the second is the salt, the third is the hashed password.<br>
 
The field is then delimited by "$". The first field is the algorithm (1=MD5), the second is the salt, the third is the hashed password.<br>
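Review bot: the added '!' line says the user "has been disabled" and, in the same sentence, that `su` to that user still works, so the account is not disabled in the sense a reader will assume. Now that the '*' line is worded as "password authentication for the user is disabled", the '!' line should say what it changes beyond that, for example that the password is locked, so the two entries can be told apart. While touching this table, the unchanged username row has "upto", which should be "up to".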

Latest revision as of 09:57, 18 February 2014

For more see the man pages: [1]

/etc/shadow

This file contains the password information for users.

Ubuntu's default root entry:

root:*:15386:0:99999:7:::

Format:

username: up to 8 characters. A direct match to a line in /etc/passwd
password: blank indicates no password required.
    '*' indicates that password authentication for the user is disabled (e.g. use pubkey)
    '!' indicates that the user has been disabled (may still su to that user though)
    Optionally it can start with a "$" character. This means the encrypted password was generated using another (not DES) algorithm. For example, if it starts with "$1$" it means the MD5-based algorithm was used.
    The field is then delimited by "$". The first field is the algorithm (1=MD5), the second is the salt, the third is the hashed password.
    Running openssl passwd -1 -salt SPOk02ci and entering 'hello' will result in:
    $1$SPOk02ci$kM3A6Yo4vJ4VGiCTx3vDX1
    Use a different salt, get a different hash. Leave out the salt and one is generated for you!
change date: the number of days since 1 Jan 1970
change delay: the number of days before the password may be changed. 0 indicates any time
password expiry: the number of days before the user MUST change the password. 99999 indicates a long time
number of days warning before the user will be forced to change their password
number of days before disable after the password has expired. I assume blank is never
expiry date: number of days since 1 Jan 1970 that the account was disabled
reserved: -
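
An added example, not from the original wiki page: a small Python parser for the nine-field line described above, which classifies the password field with the table's rules and converts the day counts to dates. The dictionary key names, the `findings` check that reports DES and MD5 as legacy, the handling of extra `$`-separated parameters, and the alice and bob lines are assumptions of this example.

```python
from datetime import date, timedelta

FIELDS = ("username", "password", "change_date", "change_delay", "password_expiry",
          "warning", "disable_after", "expiry_date", "reserved")
MARKERS = {"*": "password authentication disabled", "!": "user disabled"}

def days_to_date(days):
    """Convert 'days since 1 Jan 1970' to a date; a blank field gives None."""
    return date(1970, 1, 1) + timedelta(days=int(days)) if days else None

def classify_password(field):
    if field == "":
        return {"state": "no password required"}
    if field[0] in MARKERS:
        return {"state": MARKERS[field[0]]}
    if field[0] != "$":
        return {"state": "hashed", "algorithm": "DES"}  # no "$" prefix means DES
    parts = field.split("$")  # "$1$salt$hash" -> ["", "1", (params...), "salt", "hash"]
    if len(parts) < 4 or not all(parts[1:]):
        return {"state": "malformed"}
    return {"state": "hashed", "algorithm": "MD5" if parts[1] == "1" else "id " + parts[1],
            "params": parts[2:-2], "salt": parts[-2], "hash": parts[-1]}

def parse_shadow_line(line):
    values = line.rstrip("\n").split(":")
    if len(values) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(values)}")
    entry = dict(zip(FIELDS, values))
    entry["password_info"] = classify_password(entry["password"])
    entry["changed_on"] = days_to_date(entry["change_date"])
    entry["disabled_on"] = days_to_date(entry["expiry_date"])
    return entry

def findings(entry):
    """Audit notes; treating DES and MD5 as legacy is this example's assumption."""
    info, notes = entry["password_info"], []
    if info["state"] == "no password required":
        notes.append("empty password field")
    if info.get("algorithm") in ("DES", "MD5"):
        notes.append("legacy " + info["algorithm"] + " hash")
    return notes

SAMPLE = ["root:*:15386:0:99999:7:::",  # the page's root entry
          "alice:$1$SPOk02ci$kM3A6Yo4vJ4VGiCTx3vDX1:16119:0:90:7:::",  # constructed
          "bob::16119:0:99999:7:::"]  # constructed

if __name__ == "__main__":
    for e in map(parse_shadow_line, SAMPLE):
        print(e["username"], e["password_info"]["state"], e["changed_on"], findings(e))
```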